ports/92787: [PATCH] Fix ftp/IglooFTP
Shaun Amott
shaun at inerd.com
Sat Feb 4 05:20:04 UTC 2006
>Number: 92787
>Category: ports
>Synopsis: [PATCH] Fix ftp/IglooFTP
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Sat Feb 04 05:20:02 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Shaun Amott
>Release: FreeBSD 6.0-STABLE i386
>Organization:
>Environment:
System: FreeBSD 6.0-STABLE
>Description:
IglooFTP - Add patches (unbreak port)
- Fix "chunk already allocated" error
I wasn't personally able to make the program "crash at startup", but
I think I have fixed the issue that was causing the error. This is
why the port was marked IGNORE.
- Add sanity checking to avoid GTK assertion errors due to missing
pixmaps.
- Resolve two known vulnerabilities:
http://secunia.com/advisories/13536/
- Replace tmpnam with mkstemp
- Disallow server-provided absolute filenames
Hopefully that's enough to get the port back in action.
- Shaun
>How-To-Repeat:
>Fix:
--- IglooFTP-0.6.1.diff begins here ---
diff -urN IglooFTP.orig/Makefile IglooFTP/Makefile
--- IglooFTP.orig/Makefile Sun Dec 4 21:12:57 2005
+++ IglooFTP/Makefile Sat Feb 4 04:49:08 2006
@@ -17,10 +17,6 @@
MAINTAINER= ports at FreeBSD.org
COMMENT= Easy to use FTP client for X Window System
-IGNORE= crashes at startup
-DEPRECATED= ${IGNORE}
-EXPIRATION_DATE=2006-02-04
-
WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}/src
USE_X_PREFIX= yes
diff -urN IglooFTP.orig/files/patch-ad IglooFTP/files/patch-ad
--- IglooFTP.orig/files/patch-ad Thu Jan 1 01:00:00 1970
+++ IglooFTP/files/patch-ad Sat Feb 4 01:32:50 2006
@@ -0,0 +1,10 @@
+--- dir_tree.c.orig Thu Apr 15 17:05:14 1999
++++ dir_tree.c Thu Feb 2 02:26:20 2006
+@@ -153,7 +153,6 @@
+ new_ptr[0] = 'B';
+ gtk_ctree_node_set_row_data_full (ctree, parent, strdup (new_ptr), (GtkDestroyNotify) free);
+ free (new_ptr);
+- free (ptr); // verify that this is a good thing to do
+
+ PARENT_BROWSED_FLAG = TRUE;
+ }
diff -urN IglooFTP.orig/files/patch-ae IglooFTP/files/patch-ae
--- IglooFTP.orig/files/patch-ae Thu Jan 1 01:00:00 1970
+++ IglooFTP/files/patch-ae Sat Feb 4 01:29:11 2006
@@ -0,0 +1,70 @@
+--- dialog.c.orig Thu Apr 15 17:05:14 1999
++++ dialog.c Thu Feb 2 16:40:36 2006
+@@ -112,10 +112,15 @@
+ gtk_widget_set_usize (fixed_top, 353, 225);
+
+ sprintf (pixmap_path, "%s/xpm/iglooftp.xpm", SHARE_PATH);
+- pixmap = gdk_pixmap_create_from_xpm (startup_window->window, &mask, &startup_window->style->bg[GTK_STATE_NORMAL], pixmap_path);
+- igloo_pixmap = gtk_pixmap_new (pixmap, mask);
+
+- gtk_fixed_put (GTK_FIXED (fixed_top), igloo_pixmap, 0, 0);
++ if (eaccess(pixmap_path, R_OK) == 0) {
++ pixmap = gdk_pixmap_create_from_xpm (startup_window->window, &mask, &startup_window->style->bg[GTK_STATE_NORMAL], pixmap_path);
++ igloo_pixmap = gtk_pixmap_new (pixmap, mask);
++
++ gtk_fixed_put (GTK_FIXED (fixed_top), igloo_pixmap, 0, 0);
++ } else {
++ mask = pixmap = NULL;
++ }
+
+ startup_label = fixed_label (fixed_top, 10, 205, " ");
+ gtk_widget_set_usize (startup_label, 300, 24);
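Review bot: The `eaccess(pixmap_path, R_OK) == 0` test only shows the file is readable, so a readable but malformed XPM can presumably still make `gdk_pixmap_create_from_xpm` return NULL and reach `gtk_pixmap_new (pixmap, mask)` with a NULL pixmap. Testing the result is more direct and removes the check-then-open gap: set `mask = NULL;` first, then `if (pixmap != NULL) { igloo_pixmap = gtk_pixmap_new (pixmap, mask); gtk_fixed_put (...); }`. The alert-dialog hunk at -173,14 has the same pattern and needs the same change. The enclosing function starts outside this hunk.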
+@@ -126,8 +131,8 @@
+ gtk_widget_show_all (startup_window);
+
+ PROCESS_EVENTS;
+- gdk_pixmap_unref (pixmap);
+- gdk_pixmap_unref (mask);
++ if (pixmap) gdk_pixmap_unref (pixmap);
++ if (mask) gdk_pixmap_unref (mask);
+ }
+
+
+@@ -173,14 +178,22 @@
+ alert_hbox = h_box (alert_vbox, FALSE, 0, 0);
+
+ sprintf (pixmap_path, "%s/xpm/little_igloo.xpm", SHARE_PATH);
+- pixmap = gdk_pixmap_create_from_xpm (alert_window->window, &mask, &alert_window->style->bg[GTK_STATE_NORMAL], pixmap_path);
+- igloo_pixmap = gtk_pixmap_new (pixmap, mask);
++
++ if (eaccess(pixmap_path, R_OK) == 0) {
++ pixmap = gdk_pixmap_create_from_xpm (alert_window->window, &mask, &alert_window->style->bg[GTK_STATE_NORMAL], pixmap_path);
++ igloo_pixmap = gtk_pixmap_new (pixmap, mask);
++ } else {
++ pixmap = mask = NULL;
++ }
+
+ alert_button = gtk_button_new ();
+ gtk_button_set_relief (GTK_BUTTON (alert_button), GTK_RELIEF_NONE);
+
+- gtk_container_add (GTK_CONTAINER (alert_button), igloo_pixmap);
+- gtk_widget_show (igloo_pixmap);
++ if (pixmap) {
++ gtk_container_add (GTK_CONTAINER (alert_button), igloo_pixmap);
++ gtk_widget_show (igloo_pixmap);
++ }
++
+ gtk_box_pack_start (GTK_BOX (alert_hbox), alert_button, TRUE, TRUE, 0);
+ gtk_widget_show (alert_button);
+ gtk_signal_connect (GTK_OBJECT (alert_button), "clicked", GTK_SIGNAL_FUNC (open_URL_from_widget), strdup (HOME_URL));
+@@ -198,8 +211,8 @@
+
+ gtk_widget_show (alert_window);
+
+- gdk_pixmap_unref (pixmap);
+- gdk_pixmap_unref (mask);
++ if (pixmap) gdk_pixmap_unref (pixmap);
++ if (mask) gdk_pixmap_unref (mask);
+ }
+
+
diff -urN IglooFTP.orig/files/patch-af IglooFTP/files/patch-af
--- IglooFTP.orig/files/patch-af Thu Jan 1 01:00:00 1970
+++ IglooFTP/files/patch-af Sat Feb 4 04:38:01 2006
@@ -0,0 +1,272 @@
+--- FTPcommands.h.orig Thu Apr 15 17:05:15 1999
++++ FTPcommands.h Sat Feb 4 01:12:52 2006
+@@ -14,8 +14,12 @@
+ *
+ */
+
++#include "defines.h"
++
+ #define ERROR_REPLY_CODE (FTPctrl->reply[0] == '5' || FTPctrl->reply[0] == '4')
+
++extern char tmpfile_template[];
++
+
+
+ /* LOGIN */
+@@ -282,11 +286,14 @@
+ char
+ FTP_LIST (FTP * FTPctrl, char *filename)
+ {
++ int fd = -1;
+ char tmp_filename[256];
+ char list_command[10];
+ int data_socket = FTP_open_data_connection (FTPctrl);
+ FILE *local;
+
++ sprintf(tmp_filename, tmpfile_template);
++
+ if (FTPctrl->host_type == HOST_VMS)
+ strcpy (list_command, "LIST");
+ else
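Review bot: `sprintf(tmp_filename, tmpfile_template);` uses `tmpfile_template` as the format string, and main.c builds that buffer from the `TMPDIR` environment variable, so a `%` in TMPDIR is interpreted as a conversion specifier. Copy it as data with a bound instead: `snprintf (tmp_filename, sizeof(tmp_filename), "%s", tmpfile_template);`. The same call appears in the ftplist.c hunks for `perfom_recursive_command_on_selection` and `download_selection_recursive`. The body of `FTP_LIST` continues outside this hunk.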
+@@ -296,11 +303,18 @@
+
+ FTP_TYPE_ASCII (FTPctrl);
+
+- tmpnam (tmp_filename);
+ if (!FTP_exec_command (FTPctrl, list_command) || ERROR_REPLY_CODE)
+ return FTP_error (FALSE, "LIST command failed.", "", data_socket);
+
+- local = fopen (tmp_filename, "w");
++ if ((fd = mkstemp (tmp_filename)) == -1 || (local = fdopen (fd, "w")) == NULL)
++ {
++ if (fd != -1) {
++ unlink(tmp_filename);
++ close(fd);
++ }
++ return FTP_error (FALSE, "Unable to create temporary file.", "", 0);
++ }
++
+ if (!FTP_download (FTPctrl, data_socket, local))
+ return FTP_error (FALSE, "Unable to retreive directory listing. ", "", data_socket);
+
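Review bot: The new error return passes `0` as the last argument to `FTP_error`, where the two neighbouring error returns pass `data_socket`. If `FTP_error` closes the socket it is given (inferred from those calls, since its body is not shown), the data connection opened at the top of `FTP_LIST` is leaked on this path; `return FTP_error (FALSE, "Unable to create temporary file.", "", data_socket);` keeps the paths consistent. Also, the `FTP_download` failure return just below leaves `local` open and the `mkstemp` file on disk, so it wants an `fclose (local); unlink (tmp_filename);` before returning.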
+--- custom_profiles.h.orig Thu Apr 15 17:05:15 1999
++++ custom_profiles.h Sat Feb 4 00:59:51 2006
+@@ -169,6 +169,7 @@
+ static void
+ delete_user_prof_from_file (GtkWidget * widget, gpointer data)
+ {
++ int fd = -1;
+ const int remove_this_one = (int) GTK_CLIST (clist)->selection->data;
+ char tmp_filename[256];
+ char prof_path[1024];
+@@ -180,9 +181,21 @@
+
+ gtk_widget_destroy (gtk_widget_get_toplevel (widget));
+ sprintf (prof_path, "%s/%s/%s", home_path, PREFERENCES_PATH, USER_PROF);
+- tmpnam (tmp_filename);
++ sprintf (tmp_filename, "%s.%s", prof_path, "tmp.XXXXXXXX");
++
++ if ((fd = mkstemp (tmp_filename)) == -1) {
++ DEBUG("Unable to create temporary file.");
++ return;
++ }
++
++ close (fd);
++
+ rename (prof_path, tmp_filename);
+- file_handle = open (tmp_filename, O_RDONLY, RC_PERM);
++
++ if ((file_handle = open (tmp_filename, O_RDONLY|O_EXCL, RC_PERM)) == -1) {
++ DEBUG("Unable to create temporary file.");
++ return;
++ }
+
+ for (index = 0; index < index_total; index++)
+ {
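Review bot: `sprintf (tmp_filename, "%s.%s", prof_path, "tmp.XXXXXXXX")` writes a path derived from the 1024-byte `prof_path` into the 256-byte `tmp_filename`, so a long home directory overflows the buffer. Use `snprintf (tmp_filename, sizeof(tmp_filename), ...)` and bail out on truncation, or size `tmp_filename` like `prof_path`. The result of `rename (prof_path, tmp_filename)` is not checked. `O_EXCL` without `O_CREAT` has no defined effect in `open (tmp_filename, O_RDONLY|O_EXCL, RC_PERM)`, so plain `O_RDONLY` states the intent. If that open fails, the profile has already been renamed away and is not restored, and the "Unable to create temporary file." message is misleading for that case.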
+--- defines.h.orig Thu Apr 15 17:05:15 1999
++++ defines.h Sat Feb 4 01:10:47 2006
+@@ -47,6 +47,9 @@
+ #define SHARE_PATH "/usr/local/src/IglooFTP"
+ #endif
+
++#define TMPFILE_FILE "IglooFTP.tmp.XXXXXXXX"
++char tmpfile_template[256];
++
+
+ #define PREFERENCES_PATH ".IglooFTP"
+ #define USER_LAYOUT "user.layout"
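Review bot: `char tmpfile_template[256];` is an object definition placed in a header, so every translation unit that includes defines.h gets its own definition. This links only where the toolchain merges common symbols and fails with `-fno-common`. Keep `extern char tmpfile_template[256];` in defines.h and put the single definition in main.c, which is where the buffer is filled. The separate `extern char tmpfile_template[];` added to FTPcommands.h then becomes redundant.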
+--- dirlist.c.orig Thu Apr 15 17:05:14 1999
++++ dirlist.c Fri Feb 3 23:20:24 2006
+@@ -1619,6 +1619,7 @@
+ upload_selection_recursive (void)
+ {
+
++ int fd = -1;
+ GdkColor done_color = GREYCYAN;
+ GdkColormap *colormap;
+ GList *selection = GTK_CLIST (clist)->selection;
+@@ -1635,8 +1636,15 @@
+
+ getcwd (current_local_dir, sizeof (current_local_dir));
+
+- tmpnam (tmp_filename);
+- tmp = fopen (tmp_filename, "w");
++ if ((fd = mkstemp (tmp_filename)) == -1 || (tmp = fdopen (fd, "w")) == NULL)
++ {
++ if (fd != -1) {
++ unlink(tmp_filename);
++ close(fd);
++ }
++ DEBUG("Unable to create temporary file.");
++ return;
++ }
+
+ colormap = gtk_widget_get_colormap (window);
+ gdk_color_alloc (colormap, &done_color);
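Review bot: `mkstemp (tmp_filename)` is called on a buffer that nothing in the visible hunks fills. The removed `tmpnam (tmp_filename)` was what wrote to it, and unlike the ftplist.c hunks no copy from `tmpfile_template` is added here. Unless `tmp_filename` is initialised outside the hunk, `mkstemp` reads an indeterminate string. Add `snprintf (tmp_filename, sizeof(tmp_filename), "%s", tmpfile_template);` before the call. The session.c hunk at -41,8 has the same omission. `upload_selection_recursive` starts and ends outside this hunk.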
+--- ftplist.c.orig Thu Apr 15 17:05:15 1999
++++ ftplist.c Sat Feb 4 01:15:59 2006
+@@ -1189,6 +1189,15 @@
+ IDLE_END;
+ CHECK_CONNEXION_VOID;
+
++ /* Is it worth trying to handle this better? */
++
++ char msg_buf[1024];
++ if ((strchr(filename, '/') != NULL) || (strstr(filename, "..") != NULL)) {
++ snprintf (msg_buf, sizeof(msg_buf), "Skipping non-relative filename: %s", filename);
++ error_message (msg_buf);
++ return;
++ }
++
+ if (IGLOO_download (filename, filesize, filedate, NULL))
+ {
+ char that_path[1024];
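Review bot: Once any `/` is rejected, the `strstr(filename, "..")` test only adds false positives: the remaining traversal names are exactly `.` and `..`, while harmless names such as `notes..txt` are skipped. `strcmp (filename, "..") == 0 || strcmp (filename, ".") == 0` is the precise check, and an empty name is worth rejecting as well. The same block is duplicated in the `download_selection_recursive` hunk at -1748,6, so a small helper, e.g. `static int is_plain_filename (const char *name)`, with a comment saying that server-supplied names must not leave the current local directory, would keep the two copies from drifting. The enclosing function starts outside this hunk.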
+@@ -1255,6 +1264,7 @@
+ static void
+ perfom_recursive_command_on_selection (char recursive_command, char *optionnal_arg, char IS_TOP_DIR)
+ {
++ int fd = -1;
+ GList *selection = GTK_CLIST (clist)->selection;
+ gchar *filename;
+ gchar *fileperm;
+@@ -1265,9 +1275,17 @@
+ char DIR_FOUND_IN_SELECTION = FALSE;
+ char *current_remote_dir = strdup (this_session.cwd_dir);
+
+- tmpnam (tmp_filename);
+- tmp = fopen (tmp_filename, "w");
++ sprintf(tmp_filename, tmpfile_template);
+
++ if ((fd = mkstemp (tmp_filename)) == -1 || (tmp = fdopen (fd, "w")) == NULL)
++ {
++ if (fd != -1) {
++ unlink(tmp_filename);
++ close(fd);
++ }
++ DEBUG("Unable to create temporary file.");
++ return;
++ }
+
+ while (selection && (!want_abort))
+ {
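Review bot: The new early `return;` after the failed `mkstemp`/`fdopen` leaks `current_remote_dir`, which is allocated with `strdup (this_session.cwd_dir)` two lines before the temp-file code. Add `free (current_remote_dir);` before the `return`. The `return FALSE;` added to `download_selection_recursive` in the hunk at -1725,10 has the same leak. Moving the `strdup` below the temp-file setup would fix both without an extra cleanup line. The function body continues outside this hunk.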
+@@ -1710,6 +1728,7 @@
+ static char
+ download_selection_recursive (void)
+ {
++ int fd = -1;
+ GdkColor done_color = GREYCYAN;
+ GdkColormap *colormap;
+ GList *selection = GTK_CLIST (clist)->selection;
+@@ -1725,10 +1744,19 @@
+ char *current_remote_dir = strdup (this_session.cwd_dir);
+ char current_local_dir[1024];
+
++ sprintf(tmp_filename, tmpfile_template);
++
+ getcwd (current_local_dir, sizeof (current_local_dir));
+
+- tmpnam (tmp_filename);
+- tmp = fopen (tmp_filename, "w");
++ if ((fd = mkstemp (tmp_filename)) == -1 || (tmp = fdopen (fd, "w")) == NULL)
++ {
++ if (fd != -1) {
++ unlink(tmp_filename);
++ close(fd);
++ }
++ DEBUG("Unable to create temporary file.");
++ return FALSE;
++ }
+
+ colormap = gtk_widget_get_colormap (window);
+ gdk_color_alloc (colormap, &done_color);
+@@ -1748,6 +1776,18 @@
+ gtk_clist_get_text (GTK_CLIST (clist), index, 2, &filesize);
+ gtk_clist_get_text (GTK_CLIST (clist), index, 3, &filedate);
+ gtk_clist_get_text (GTK_CLIST (clist), index, 4, &fileperm);
++
++ /* Basic sanity checks */
++
++ char msg_buf[1024];
++ if ((strchr(filename, '/') != NULL) || (strstr(filename, "..") != NULL)) {
++ snprintf (msg_buf, sizeof(msg_buf), "Skipping non-relative filename: %s", filename);
++ error_message (msg_buf);
++ selection = selection->next;
++ gtk_clist_unselect_row (GTK_CLIST (clist), index, 0);
++ gtk_clist_moveto (GTK_CLIST (clist), index, 0, 0.5, 0);
++ continue;
++ }
+
+ if (fileperm[0] != 'd')
+ {
+--- main.c.orig Fri Feb 3 23:52:15 2006
++++ main.c Sat Feb 4 01:23:16 2006
+@@ -109,6 +109,18 @@
+ fpsetmask(0);
+ #endif
+
++ char *td;
++ if ((td = getenv("TMPDIR")) != NULL && strlen(td) != 0) {
++ if (td[strlen(td)-1] == '/')
++ strncpy(tmpfile_template, td, strlen(td)-1);
++ else
++ strncpy(tmpfile_template, td, strlen(td));
++ } else {
++ strcpy(tmpfile_template, "/tmp");
++ }
++ strncat(tmpfile_template, "/", sizeof(tmpfile_template));
++ strncat(tmpfile_template, TMPFILE_FILE, sizeof(tmpfile_template));
++
+ gtk_set_locale ();
+ gtk_init (&argc, &argv);
+
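Review bot: The `strncpy` calls are bounded by `strlen(td)`, the source length, so a `TMPDIR` value of 256 bytes or more overflows `tmpfile_template`, and the copy is never NUL-terminated by `strncpy` itself. The `strncat` calls pass `sizeof(tmpfile_template)` as the limit, but that argument limits the bytes appended, not the total size of the destination, so they do not bound the write either. Building the template with one checked `snprintf`, falling back to `/tmp` when the result would be truncated, removes both problems, as sketched below. The enclosing function starts outside this hunk.

```c
/* … unchanged: fpsetmask(0) / #endif … */
const char *td = getenv("TMPDIR");
size_t tdlen;
int n;

if (td == NULL || *td == '\0')
    td = "/tmp";
tdlen = strlen(td);
if (td[tdlen - 1] == '/')
    tdlen--;                       /* drop one trailing slash, as before */

n = snprintf(tmpfile_template, sizeof(tmpfile_template), "%.*s/%s",
             (int) tdlen, td, TMPFILE_FILE);
if (n < 0 || (size_t) n >= sizeof(tmpfile_template))
    snprintf(tmpfile_template, sizeof(tmpfile_template), "/tmp/%s", TMPFILE_FILE);
/* … unchanged: gtk_set_locale / gtk_init … */
```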
+--- session.c.orig Thu Apr 15 17:05:15 1999
++++ session.c Fri Feb 3 23:20:24 2006
+@@ -32,7 +32,8 @@
+ {
+ FILE *out = NULL;
+ FTPsession that_session;
+- int file_handle;
++ int fd = -1;
++ FILE *file_handle = NULL;
+ char tmp_filename[MPLEN];
+ char spawn_tmp[MPLEN];
+
+@@ -41,8 +42,16 @@
+
+ strcpy (that_session.start_dir, this_session.cwd_dir);
+
+- tmpnam (tmp_filename);
+- file_handle = open (tmp_filename, O_CREAT | O_RDWR, RC_PERM);
++ if ((fd = mkstemp (tmp_filename)) == -1 || (file_handle = fdopen (fd, "w")) == NULL)
++ {
++ if (fd != -1) {
++ unlink(tmp_filename);
++ close(fd);
++ }
++ DEBUG("Unable to create temporary file.");
++ return;
++ }
++
+ write (file_handle, &that_session, sizeof (FTPsession));
+ close (file_handle);
+
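Review bot: `file_handle` is now a `FILE *`, but the unchanged lines after the new block still call `write (file_handle, &that_session, sizeof (FTPsession))` and `close (file_handle)`, which take an `int` descriptor. The session data would therefore not be written to the temp file. Either keep working on the descriptor (`write (fd, ...)`, `close (fd)`, with no `fdopen`) or switch those two lines to `fwrite (&that_session, sizeof (FTPsession), 1, file_handle)` and `fclose (file_handle)`. In both cases check the write result before the file is handed on. The function starts outside this hunk.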
--- IglooFTP-0.6.1.diff ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: